An integer overflow in previous versions of ClamAV could allow a remote
attacker to cause a Denial of Service (scanning service crash) and
execute arbitrary code via a Portable Executable (PE) file
(CVE-2006-4182).

Another vulnerability could allow a remote attacker to cause a DoS via
a crafted compressed HTML (CHM) file that causes ClamAV to read an
invalid memory location (CVE-2006-5295).

These issues are corrected in ClamAV 0.88.5 which is provided with this
update.
_______________________________________________________________________